Details of VAR-202207-1444

ID

VAR-202207-1444

CVE

CVE-2022-32797

TITLE

apple's Apple Mac OS X and macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018247

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. apple's Apple Mac OS X and macOS Exists in unspecified vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within a function in AppleScript.framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-2 macOS Monterey 12.5 macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345. APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu) subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Calendar We would like to acknowledge Joshua Jones for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. DiskArbitration We would like to acknowledge Mike Cush for their assistance. macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----

Trust: 3.24

sources: NVD: CVE-2022-32797 // JVNDB: JVNDB-2022-018247 // ZDI: ZDI-22-1130 // ZDI: ZDI-23-645 // VULHUB: VHN-424886 // PACKETSTORM: 167788 // PACKETSTORM: 167789 // PACKETSTORM: 167787

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	macos	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.8	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	11.0 that's all 11.6.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	10.15.7	Trust: 0.8

sources: ZDI: ZDI-22-1130 // ZDI: ZDI-23-645 // JVNDB: JVNDB-2022-018247 // NVD: CVE-2022-32797

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2022-32797
value:	LOW
Trust: 1.4
nvd@nist.gov:	CVE-2022-32797
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32797
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2040
value:	HIGH
Trust: 0.6

ZDI:	CVE-2022-32797
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2022-32797
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32797
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-22-1130 // ZDI: ZDI-23-645 // JVNDB: JVNDB-2022-018247 // CNNVD: CNNVD-202207-2040 // NVD: CVE-2022-32797

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018247 // NVD: CVE-2022-32797

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2040

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2040

PATCH

title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/en-us/HT213345	Trust: 1.4
title:	HT213344 Apple Security update	url:	https://support.apple.com/en-us/HT213343	Trust: 0.8
title:	Apple macOS Big Sur Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209243	Trust: 0.6
title:	Apple: macOS Big Sur 11.6.8	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=46307825e8223bef6aa99c76dff503a5	Trust: 0.1
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1
title:	Apple: Security Update 2022-005 Catalina	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063	Trust: 0.1

sources: ZDI: ZDI-22-1130 // ZDI: ZDI-23-645 // VULMON: CVE-2022-32797 // JVNDB: JVNDB-2022-018247 // CNNVD: CNNVD-202207-2040

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32797	Trust: 5.1
db:	PACKETSTORM	id:	167789	Trust: 0.8
db:	PACKETSTORM	id:	167788	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-018247	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-17034	Trust: 0.7
db:	ZDI	id:	ZDI-22-1130	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-17359	Trust: 0.7
db:	ZDI	id:	ZDI-23-645	Trust: 0.7
db:	CS-HELP	id:	SB2022072102	Trust: 0.6
db:	CS-HELP	id:	SB2022072103	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3561	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2040	Trust: 0.6
db:	PACKETSTORM	id:	167787	Trust: 0.2
db:	VULHUB	id:	VHN-424886	Trust: 0.1
db:	VULMON	id:	CVE-2022-32797	Trust: 0.1

sources: ZDI: ZDI-22-1130 // ZDI: ZDI-23-645 // VULHUB: VHN-424886 // VULMON: CVE-2022-32797 // JVNDB: JVNDB-2022-018247 // PACKETSTORM: 167788 // PACKETSTORM: 167789 // PACKETSTORM: 167787 // CNNVD: CNNVD-202207-2040 // NVD: CVE-2022-32797

REFERENCES

url:	https://support.apple.com/en-us/ht213345	Trust: 3.1
url:	https://support.apple.com/en-us/ht213344	Trust: 2.3
url:	https://support.apple.com/en-us/ht213343	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32797	Trust: 1.1
url:	https://www.cybersecurity-help.cz/vdb/sb2022072103	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072102	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873	Trust: 0.6
url:	https://packetstormsecurity.com/files/167788/apple-security-advisory-2022-07-20-3.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3561	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32797/	Trust: 0.6
url:	https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html	Trust: 0.6
url:	https://support.apple.com/downloads/	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32786	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32785	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32787	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32781	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26704	Trust: 0.2
url:	https://support.apple.com/kb/ht213344	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0156	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32800	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32812	Trust: 0.1
url:	https://support.apple.com/ht213344.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32807	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0158	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0128	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4187	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46059	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4173	Trust: 0.1
url:	https://support.apple.com/ht213343.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4192	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4136	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4166	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24070	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2294	Trust: 0.1
url:	https://support.apple.com/ht213345.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32792	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29046	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32796	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29048	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28544	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32789	Trust: 0.1

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 1.4

sources: ZDI: ZDI-22-1130 // ZDI: ZDI-23-645

SOURCES

db:	ZDI	id:	ZDI-22-1130
db:	ZDI	id:	ZDI-23-645
db:	VULHUB	id:	VHN-424886
db:	VULMON	id:	CVE-2022-32797
db:	JVNDB	id:	JVNDB-2022-018247
db:	PACKETSTORM	id:	167788
db:	PACKETSTORM	id:	167789
db:	PACKETSTORM	id:	167787
db:	CNNVD	id:	CNNVD-202207-2040
db:	NVD	id:	CVE-2022-32797

LAST UPDATE DATE

2024-08-14T12:57:04.832000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-1130	date:	2022-08-23T00:00:00
db:	ZDI	id:	ZDI-23-645	date:	2023-05-17T00:00:00
db:	VULHUB	id:	VHN-424886	date:	2022-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-018247	date:	2023-10-19T05:44:00
db:	CNNVD	id:	CNNVD-202207-2040	date:	2022-12-09T00:00:00
db:	NVD	id:	CVE-2022-32797	date:	2022-11-02T13:18:35.983

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-1130	date:	2022-08-23T00:00:00
db:	ZDI	id:	ZDI-23-645	date:	2023-05-17T00:00:00
db:	VULHUB	id:	VHN-424886	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-018247	date:	2023-10-19T00:00:00
db:	PACKETSTORM	id:	167788	date:	2022-07-22T16:23:29
db:	PACKETSTORM	id:	167789	date:	2022-07-22T16:23:52
db:	PACKETSTORM	id:	167787	date:	2022-07-22T16:22:49
db:	CNNVD	id:	CNNVD-202207-2040	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32797	date:	2022-09-23T19:15:12.483